find.exe
- File Path: C:\Users\user\AppData\Local\GitHubDesktop\app-2.5.3\resources\app\git\usr\bin\find.exe
Hashes
Type | Hash |
---|---|
MD5 | BF8EF8A18D4D97E8D15AEE9E9F0ED0F4 |
SHA1 | 66E027B8C381AB8BC1E69C5BF51BF253008FD5D2 |
SHA256 | FF67CDA3DCF392EF7ED5D0FB51B4BD3923C8F4E64B5CC81563EBE3345F54A975 |
SHA384 | 9575C72416A78BF00991121F0DD07DD321BF36F76216783FCA3098E61988CCDBCE57A2A1ACAF5949C70DCB1B7D008945 |
SHA512 | 77F8C7B4497C291BD66F798F8CC4445D013F14689157A6D31881267619ED7AC0EEA5BD48DEA0EA0AD7197D88436F3B2771ABE6D519143AEF157D07EE515B7562 |
SSDEEP | 6144:bx/BBDWwF8VWp9UAMq5QgbbgdDsM+0Y2K1IGxd:bxHKU8VWCEK+0Y2K1IGxd |
Runtime Data
Usage (stdout):
Usage: /usr/bin/find [-H] [-L] [-P] [-Olevel] [-D help|tree|search|stat|rates|opt|exec] [path...] [expression]
default path is the current directory; default expression is -print
expression may consist of: operators, options, tests, and actions:
operators (decreasing precedence; -and is implicit where no others are given):
( EXPR ) ! EXPR -not EXPR EXPR1 -a EXPR2 EXPR1 -and EXPR2
EXPR1 -o EXPR2 EXPR1 -or EXPR2 EXPR1 , EXPR2
positional options (always true): -daystart -follow -regextype
normal options (always true, specified before other expressions):
-depth --help -maxdepth LEVELS -mindepth LEVELS -mount -noleaf
--version -xdev -ignore_readdir_race -noignore_readdir_race
tests (N can be +N or -N or N): -amin N -anewer FILE -atime N -cmin N
-cnewer FILE -ctime N -empty -false -fstype TYPE -gid N -group NAME
-ilname PATTERN -iname PATTERN -inum N -iwholename PATTERN -iregex PATTERN
-links N -lname PATTERN -mmin N -mtime N -name PATTERN -newer FILE
-nouser -nogroup -path PATTERN -perm [-/]MODE -regex PATTERN
-readable -writable -executable
-wholename PATTERN -size N[bcwkMG] -true -type [bcdpflsD] -uid N
-used N -user NAME -xtype [bcdpfls]
-context CONTEXT
actions: -delete -print0 -printf FORMAT -fprintf FILE FORMAT -print
-fprint0 FILE -fprint FILE -ls -fls FILE -prune -quit
-exec COMMAND ; -exec COMMAND {} + -ok COMMAND ;
-execdir COMMAND ; -execdir COMMAND {} + -okdir COMMAND ;
Report (and track progress on fixing) bugs via the findutils bug-reporting
page at http://savannah.gnu.org/ or, if you have no web access, by sending
email to <bug-findutils@gnu.org>.
Usage (stderr):
/usr/bin/find: '/h': No such file or directory
Signature
- Status: Signature verified.
- Serial: 045D8F14A82147641722D4FAFC66BC80
- Thumbprint: FB713A60A7FA79DFC03CB301CA05D4E8C1BDD431
- Issuer: CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
- Subject: CN="GitHub, Inc.", O="GitHub, Inc.", L=San Francisco, S=California, C=US
File Metadata
- Original Filename:
- Product Name:
- Company Name:
- File Version:
- Product Version:
- Language:
- Legal Copyright:
Possible Misuse
The following table contains possible examples of find.exe being misused. While find.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
Source | Source File | Example | License |
---|---|---|---|
sigma | sysmon_suspicious_remote_thread.yml | - '\find.exe' | DRL 1.0 |
Additional Info*
*The information below is copied from MicrosoftDocs, which is maintained by Microsoft. Available under CC BY 4.0 license.
find
Searches for a string of text in a file or files, and displays lines of text that contain the specified string.
Syntax
find [/v] [/c] [/n] [/i] [/off[line]] <"string"> [[<drive>:][<path>]<filename>[...]]
Parameters
Parameter | Description |
---|---|
/v | Displays all lines that don’t contain the specified <string>. |
/c | Counts the lines that contain the specified <string> and displays the total. |
/n | Precedes each line with the file’s line number. |
/i | Specifies that the search is not case-sensitive. |
[/off[line]] | Doesn’t skip files that have the offline attribute set. |
<"string"> | Required. Specifies the group of characters (enclosed in quotation marks) that you want to search for. |
[<drive>:][<path>]<filename> | Specifies the location and name of the file in which to search for the specified string. |
/? | Displays help at the command prompt. |
Exit codes
Exit code | Description |
---|---|
0 | The searched string was found |
1 | Searched string not found |
2 | Searched file not found or invalid command line switch was given |
Remarks
- If you don’t use /i, this command searches for exactly what you specify for string. For example, this command treats the characters a and A differently. If you use /i, however, the search becomes case insensitive, and it treats a and A as the same character.
- If the string you want to search for contains quotation marks, you must use double quotation marks for each quotation mark contained within the string (for example, """This string contains quotation marks""").
- If you omit a file name, this command acts as a filter, taking input from the standard input source (usually the keyboard, a pipe (|), or a redirected file) and then displays any lines that contain string.
- To exit the console search use CTRL-X or CTRL-z.
- You can type parameters and command-line options for the find command in any order.
- You can’t use wildcards (* and ?) in the searched string. To search for a string with wild cards and regex patterns, you can use the FINDSTR command.
- If you use /c and /v in the same command line, this command displays a count of the lines that don’t contain the specified string. If you specify /c and /n in the same command line, find ignores /n.
- This command doesn’t recognize carriage returns. When you use this command to search for text in a file that includes carriage returns, you must limit the search string to text that can be found between carriage returns (that is, a string that is not likely to be interrupted by a carriage return). For example, this command doesn’t report a match for the string tax file if a carriage return occurs between the words tax and file.
- The command accepts wildcards for file names. When searching in a file (or files), it prints the name of each processed file preceded by ten dashes.
- The find command cannot read alternate data streams. To search in alternate data streams, use the findstr, more, or for /f commands.
Examples
To display all lines from pencil.md that contain the string pencil sharpener, type:
find "pencil sharpener" pencil.md
To find the text, “The scientists labeled their paper for discussion only. It is not a final report.” (including the quotes) in the report.txt file, type:
find """The scientists labeled their paper for discussion only. It is not a final report.""" < report.txt
To search for a set of files, you can use wildcards. To search the current directory for files that have the extension .bat and that contain the string PROMPT ignoring the case, type:
find /i "PROMPT" *.bat
To find file names in a directory that contain the string CPU, use the pipe (|) to direct the output of the dir command to the find command as follows:
dir c:\temp /s /b | find "CPU"
Find all running processes that do NOT contain agent:
tasklist | find /v /i "agent"
Check if a service is running:
sc query Winmgmt | find "RUNNING" >nul 2>&1 && (echo service is started) || (echo service is stopped)
MIT License. Copyright (c) 2020-2021 Strontic.